by Bharat Mistry
It’s been a pretty hectic 12 months, but for UK CISOs the bad news is that 2016 is unlikely to bring with it any respite. Over the past year we’ve seen a never-ending avalanche of data breaches, nation state espionage attacks and hacktivist campaigns; sophisticated new malware; and a return of some old attack techniques. And all of this against an ever more volatile regulatory compliance backdrop that threatens to turn up the pressure even more next year.
We’ll be doing our bit by continuing to protect our customers from the latest threats with innovative new products, and working with law enforcement to hit the bad guys where it hurts. But security bosses should also start planning now to overcome the key challenges Trend Micro predicts for 2016.
A year in security
Organisations on both sides of the Atlantic showed they are still ill-equipped to cope with targeted attacks and continue to make basic security errors allowing hackers to strike. Whether it was the apparently insider-related attack on infidelity site Ashley Madison or the more traditional targeted intrusions at major US healthcare firms Anthem and Premera and the massive OPM federal breach, it was no real surprise that the data breaches kept on coming in 2015. The UK had its fair share of incidents too, many of which were punished by the Information Commissioner’s Office (ICO). The TalkTalk breach turned out to be less serious than at first thought but shows that some British firms are no better at securing customer data than their global counterparts.
At a nation state level our tracking of the Pawn Storm crew’s attacks on NATO members and the White House proved it’s not just China and the US with cyber espionage capabilities. And a devastating strike which took out several TV5Monde TV channels reminded us of the real world damage that cyber attacks can inflict. It was disappointing to see the results of a new Quocirca study sponsored by Trend Micro which found that although complacency about breaches has dropped this year, 12% of the firms that said they’d been targeted didn’t know whether data had been taken or not. Some didn’t even know how much data they’d lost.
Another study we released, this time with the Ponemon Institute, warned of the threat to privacy and security from nascent IoT technologies.
We’ve done our best to help our customers stem the rising tide of attacks this past year, beyond providing industry leading products which received accolades from the likes of NSS Labs (Deep Discovery), Gartner, the V3 Awards (Deep Security) and the IAIR Awards (cloud security company of the year). Deep Security’s virtual patching capabilities have helped countless businesses continue to run Windows Server 2003 beyond the deadline for end of support earlier this year. And a landmark MoU agreement with the NCA has seen our threat researchers working hand-in-hand with the crime agency on cases – already resulting in the arrest of two suspects in the UK. Those same researchers have also lifted the lid on the shadowy Deep Web cybercrime markets of Japan, China, Germany and beyond in some fantastic reports this year.
We’ve also been awarded the “EICAR trusted IT security” seal of quality for Deep Security, Deep Discovery and OfficeScan – independent proof that none of these products have been tampered with by nation states.
But unfortunately the hard work never stops. Already lined up for next year are major changes to the regulatory environment, with the European General Data Protection Regulation and Network and Information Security Directive set to be finalised. And there’s a new Safe Harbour agreement to be thrashed out with US negotiators. Organisations desperately need their own Data Protection Officers (DPOs) to handle these coming compliance requirements and co-ordinate an effective response to data security threats. Yet we predict that fewer than 50% of organisations will have one installed by the end of next year.
Our other predictions for 2016 include the following:
- Threats will increasingly focus on extortion
- A failure in at least one consumer-grade IoT device will prove lethal
- Mobile malware will hit 20 million, driven by China
- Destructive cyber attacks will increase
- Ad blocking will kill malvertising
- Cybercrime prevention efforts will get more successful
Check out our latest report, The Fine Line: 2016 Security Predictions, for more. And we wish you all a very happy Christmas and prosperous New Year.